Holiday Online Fraud: The Grinch That Keeps On Taking

The holiday season can be the most wonderful time of year. Wish lists are compiled, sales registers ring, and in-person and online visits increase exponentially. But for unprepared chief risk officers, the prospect of a nearby Grinch might turn the holidays into horrors. An increase in sales activity - much of it online or over a mobile device - and an influx of new customers could create a ripe environment for fraud.

Fraud is a billion-dollar business worldwide, generating more than half of its income during the last four months of the year.

Stolen credit card information and fraudulently opened credit accounts can drain millions of dollars from businesses’ bottom lines during the holidays. Beyond the short-term effects of fraud, however, are long-term ramifications that can have an equally devastating impact on business revenue and brand value:

For financial services companies, account origination and account takeover fraud drives up customer acquisition and verification costs, leading to lost revenue, negative publicity and brand damage.

For any online business, fraudulently purchased products equate to lost revenue, chargeback fees, and the possibility of competing against the black market, where stolen goods are resold.

The perfect storm of seasonal fraud is coming, and it’s building on three fronts.

First on the horizon is the rising tide of application fraud. Tens of millions of records were compromised by data breaches in 2016 alone, providing criminals with a generous inventory of personally identifiable information (PII) that they can use to increase identity fraud activity.

Secondly is the coming tsunami of fraud centered on credit cards featuring chip technology (“EMV cards”). Historically, fraudsters purchased stolen credit card information on the dark web and printed their own credit cards. As an anti-counterfeit measure, microchips have been installed in credit cards making it harder for fraudsters to reproduce cards and commit in-store fraud. EMV cards, however, add no additional barrier for online fraud, which only requires the card information and limited customer data to make a purchase. The result has been a shift in activity from card present (in-store fraud), to card not present (online fraud).

And lastly, is the seasonal change around the holidays, when online businesses focus on delivering a flawless customer experience so new and existing customers can quickly open accounts, edit their profile and make purchases. But a concerted focus on customer convenience during the holidays can adversely affect fraud detection efforts, making the balance between accessibility and safety difficult to achieve. Too little fraud prevention and the losses can quickly mount. Too much fraud prevention—for example, a highly complex CAPTCHA challenge/response—and there’s a risk of frustrating customers, resulting in abandoned shopping carts and defections to a more accommodating competitor.

Stopping the Grinch

The reality is that a majority of online transactions are valid, but the ones that aren’t are costly with fraud losses expected to grow to $19 Billion in 2018. The challenge for businesses is to streamline the online experience for the majority of honest customers while stopping the bad actors. The solution comes down to not only knowing about your customers, but also knowing how to quickly and seamlessly apply that knowledge at the critical moment of a transaction.

Let’s look at account origination fraud as an example. When a customer opens a new credit or bank account on their mobile device, it’s standard procedure to verify their identity using “offline” attributes such as name, address and phone number. Less common is the practice of using “online” attributes such as device identifiers, email address, IP addresses, location, etc. Now, imagine combining both of these attribute sets with a real-time fraud detection solution that can identify red flags before an account is opened.

This kind of fraud prevention capability is what online business and financial services companies need to deliver frictionless fraud prevention.

It’s time for businesses to use data to their advantage to proactively detect and prevent fraud while simultaneously protecting online consumers. Even a seemingly random data breach can help fraudsters fill in missing details (e.g., email addresses and passwords) that lead to account takeovers and other forms of fraud. And since it’s easy for the bad guys to piece customer data together, it’s only a matter of time before fraudulent claims arrive at your digital doorstep.

Ensure personal information is only used to protect customers. Neustar’s privacy by design approach utilizes customer data based on an opt-in model letting customers decide whether or not to allow the use of online identifiers for advanced fraud detection and prevention.

Fraud never takes a day off, especially during the holidays. Fortunately, neither does a good fraud prevention solution. For more holiday reading, we invite you to download a free copy of our whitepaper on account origination fraud, “Whose Credit Line Is It Anyway?” You can also visit us online to learn more about Neustar Fraud Detection Solutions.